VDB-107198 · CVE-2017-12814 · BID 101051

Perl up to 5.24.2/5.26.0 win32/perlhost.h CPerlHost::Add Environment Variable memory corruption

A vulnerability was found in Perl up to 5.24.2/5.26.0 (Programming Language Software). It has been rated as critical. Affected by this issue is the function CPerlHost::Add of the file win32/perlhost.h. Upgrading to version 5.24.3-RC1 or 5.26.1-RC1 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at perl5.git.perl.org. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	09/28/2017 11:11 AM	11/20/2019 09:13 AM	01/14/2021 03:36 PM
type	Programming Language Software	Programming Language Software	Programming Language Software
name	Perl	Perl	Perl
version	<=5.24.2/5.26.0	<=5.24.2/5.26.0	<=5.24.2/5.26.0
file	win32/perlhost.h	win32/perlhost.h	win32/perlhost.h
function	CPerlHost::Add	CPerlHost::Add	CPerlHost::Add
input_type	Environment Variable	Environment Variable	Environment Variable
cwe	119 (memory corruption)	119 (memory corruption)	119 (memory corruption)
risk	2	2	2
cvss2_vuldb_basescore	6.8	6.8	6.8
cvss2_vuldb_tempscore	5.9	5.9	5.9
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	L	L	L
cvss2_nvd_au	N	N	N
cvss2_nvd_ci	P	P	P
cvss2_nvd_ii	P	P	P
cvss2_nvd_ai	P	P	P
cvss3_meta_basescore	8.5	8.5	8.5
cvss3_meta_tempscore	8.2	8.2	8.2
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	7.0	7.0	7.0
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	N	N	N
cvss3_nvd_ui	N	N	N
cvss3_nvd_s	U	U	U
cvss3_nvd_c	H	H	H
cvss3_nvd_i	H	H	H
cvss3_nvd_a	H	H	H
date	1506556800 (09/28/2017)	1506556800 (09/28/2017)	1506556800 (09/28/2017)
location	GIT Repository	GIT Repository	GIT Repository
type	GIT Commit	GIT Commit	GIT Commit
url	https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1	https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1	https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1
price_0day	$0-$5k	$0-$5k	$0-$5k
name	Patch	Patch	Patch
upgrade_version	5.24.3-RC1/5.26.1-RC1	5.24.3-RC1/5.26.1-RC1	5.24.3-RC1/5.26.1-RC1
patch_url	https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1	https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1	https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1
cve	CVE-2017-12814	CVE-2017-12814	CVE-2017-12814
cve_assigned	1502409600	1502409600	1502409600
cve_nvd_published	1506470400	1506470400	1506470400
cve_nvd_summary	Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.	Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.	Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
securityfocus	101051	101051	101051
securityfocus_title	Perl CVE-2017-12814 Stack Based Buffer Overflow Vulnerability	Perl CVE-2017-12814 Stack Based Buffer Overflow Vulnerability	Perl CVE-2017-12814 Stack Based Buffer Overflow Vulnerability
nessus_id	103442	103442	103442
nessus_name	FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)	FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)	FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)
nessus_filename	freebsd_pkg_d9e82328a12911e7987e4f174049b30a.nasl	freebsd_pkg_d9e82328a12911e7987e4f174049b30a.nasl	freebsd_pkg_d9e82328a12911e7987e4f174049b30a.nasl
nessus_risk	High	High	High
nessus_family	FreeBSD Local Security Checks	FreeBSD Local Security Checks	FreeBSD Local Security Checks
nessus_type	local	local	local
nessus_date	1506297600 (09/25/2017)	1506297600 (09/25/2017)	1506297600 (09/25/2017)
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
0day_days	9	9	9
cvss3_nvd_basescore	9.8	9.8	9.8
discoverydate		1505433600	1505433600
confirm_url		https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1	https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1
date		1506211200 (09/24/2017)	1506211200 (09/24/2017)
securityfocus_date		1506556800 (09/28/2017)	1506556800 (09/28/2017)
securityfocus_class		Boundary Condition Error	Boundary Condition Error
person_name			John Leitch
cvss2_nvd_basescore			7.5

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!